Network Architecture

All the machines use the NAT Network mode inside of VirtualBox. This keeps the malware contained in a virtual network so that it cannot reach our physical host.
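The isolation described above depends on every lab VM having its only enabled NIC on the NAT network. The script below is an added example, not part of the original page: it creates the NAT network with `VBoxManage`, attaches a VM to it with all other adapters disabled, and parses `VBoxManage showvminfo --machinereadable` output to confirm no VM has a bridged or host-only adapter that would leak traffic to the physical host. The network name `soc-lab`, the subnet `10.10.10.0/24`, the VM names, and the sample `showvminfo` output are constructed placeholders; the `nicN=` and `nat-networkN=` key names are what VBoxManage prints on my systems and should be treated as an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): build and audit an isolated
# VirtualBox NAT network for the malware lab.
# Assumptions: network name, subnet and VM names below are placeholders.

NATNET_NAME="soc-lab"          # assumed name of the lab NAT network
NATNET_CIDR="10.10.10.0/24"    # assumed lab subnet

# Create and start the NAT network once on the host.
create_lab_network() {
  VBoxManage natnetwork add --netname "$NATNET_NAME" --network "$NATNET_CIDR" --enable --dhcp on
  VBoxManage natnetwork start --netname "$NATNET_NAME"
}

# Put a VM's first adapter on the NAT network and disable the remaining
# adapters, so a leftover bridged or host-only NIC cannot bypass the isolation.
attach_vm() {
  VBoxManage modifyvm "$1" --nic1 natnetwork --nat-network1 "$NATNET_NAME" \
    --nic2 none --nic3 none --nic4 none
}

# Read "VBoxManage showvminfo <vm> --machinereadable" lines on stdin and print
# "isolated" when every enabled NIC is on NATNET_NAME, otherwise "leaky".
check_nic_lines() {
  awk -v net="$NATNET_NAME" -F= '
    /^nic[0-9]+=/         { gsub(/"/, "", $2); mode[$1] = $2 }
    /^nat-network[0-9]+=/ { gsub(/"/, "", $2); sub(/nat-network/, "nic", $1); natnet[$1] = $2 }
    END {
      bad = 0
      for (n in mode) {
        if (mode[n] == "none") continue                     # disabled adapter is fine
        if (mode[n] != "natnetwork" || natnet[n] != net) bad = 1
      }
      print (bad ? "leaky" : "isolated")
    }'
}

# Audit one real VM (requires VBoxManage on the host).
check_vm() {
  VBoxManage showvminfo "$1" --machinereadable | check_nic_lines
}

# Constructed sample output standing in for a real VM, so the check runs offline.
SAMPLE_VM='nic1="natnetwork"
nat-network1="soc-lab"
nic2="none"
nic3="none"
nic4="none"'

# Usage on a real host:  create_lab_network; attach_vm wazuh-server; check_vm wazuh-server
printf '%s\n' "$SAMPLE_VM" | check_nic_lines   # prints: isolated
```

Run `check_vm <name>` for each machine after any change to its settings; a result of `leaky` means an adapter is bridged, host-only, or on a different NAT network than the lab.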

We can learn more about the various networking options inside of VirtualBox from these resources:

Topology

The architecture of the lab is as follows:

Components

Component - Purpose

Wazuh server - SIEM and XDR

Indexes and stores alerts generated by the Wazuh server and provides near real-time data search and analytics capabilities.

Wazuh agent - Endpoint detection

Protects the system by providing threat prevention, detection, and response capabilities.

Collects different types of system and application data that it forwards to the Wazuh server through an encrypted and authenticated channel.

Cortex/MISP - Threat Intelligence

Threat Intelligence platform that allows observables such as IP and email addresses, URLs, domain names, files or hashes to be analyzed using a web interface.

Shuffle - SOAR platform

No-code automation platform (SOAR) that lets users automate processes.

TheHive - Case Management

Allows SOC analysts to Collaborate, Elaborate and Act on investigations.
